Token Scams Jump 41% to 350 Per Day, On-Chain Data Shows

Crypto is seeing rug pulls on an industrial scale. Last year, scammers deployed more than 350 fraudulent tokens per day. 

Since 2022, token scams have burned almost two million investors, says a prominent blockchain security firm. That is twice as much as the estimated number of those that lost money in the FTX collapse.

Solidus Labs released a report detailing the state of security in the crypto industry. The firm’s “Rug Pull Report” also explains why most rug pulls have evaded detection.

The report wrote that on-chain tools show that fraudsters deployed more than 350 scam tokens per day this year. Data from Solidus Labs’ smart contract scanning tool show 117,629 scam tokens from January to December 2022.

Data also shows that, despite the cooling of the crypto market, scams are on the rise. The latest incomplete figures for 2022 show that the number of scams has risen by 41.1% since 2021. Last year, Solidus Labs reported 83,368 scam tokens.

This is a concerning trend, as it showcases the risk to retail investors of entering the cryptocurrency space.

Solidus Labs used on-chain data to sort through rug pulls with fraudulent code in their smart contracts. Its findings also show the relative prevalence of scam tokens on various blockchain networks.

The scams are most prevalent on the BNB chain. This is likely due to low barriers to entry because of low gas fees. The report reveals that 12% of all tokens on the BNB chain are scams. Ethereum, the largest smart-contract network, does not trail far behind. 8% of all Ethereum tokens have rug-pull code.

This means that more investors lost money to scam tokens than to any of the biggest collapses of crypto giants. Latest estimates suggest that more than a million users lost money due to the FTX collapse.

For comparison, just 40,000 people lost money to the Terra-Luna collapse, while 600,000 held money in Celsius.

Solidus Labs details a few key reasons why most rug pulls evade detection. For one, the firm states that the theft occurs exclusively on-chain for most rug pulls. “The scam is encoded in the token’s smart contract, and the token is traded on a decentralized exchange.”

This makes it harder for authorities to access the funds. Moreover, the “scammer’s illicit profits are denominated in crypto, not fiat currency.”

Moreover, scammers can market their honeypots without even registering a website. This makes it less likely for authorities to find them. 

Rug pulls are a type of exit scam where the creators of a project launch to defraud investors.

The Solidus Labs differentiates between “hard” and “soft” rug pulls. The scammers place malicious code into the project’s smart contract in hard rug pulls. This allows them to drain funds from the investors before disappearing.

The most prevalent type of hard rug pull is a “honeypot,” where the project’s smart contract does not allows holders to sell. Other types include hidden mints, which allow developers to create unlimited tokens. Hidden fee modifiers allow developers to charge 100% fees, while hidden transfers let developers transfer tokens from holders to their wallets.

Soft rug pulls are more subtle and involve misleading marketing. The scammers use a variety of tactics, such as building up hype and using false claims to attract more investors. Scanners promote fake partnerships, post fake credentials, or publish roadmaps they never intended to follow. They then abandon the project and vanish with investors’ money.

It is important to note that Solidus Labs’ on-chain tools can only detect hard rug pulls. That means that the total number of scams is even bigger.

Scams hurt the whole cryptocurrency space. They lead to distrust and undermine the legitimacy of the industry.